The Italian Government recently issued a Law Decree which, among other things, modified on-line KYC for AML purposes, including the reliance on SCA when certain conditions are met.
On 16 July 2020 Law Decree No. 76/2020 regarding urgent measures for simplification and digital innovation (the "Decree") was published in the Italian Official Gazette.
Among other things, the Decree introduced amendments to the Italian AML legal framework aimed at facilitating and simplifying the customer on-line on-boarding both for market operators and customers also in light of the COVID-19 emergency. Below are the main changes:
- On-line KYC&SCA: the Decree introduced the possibility to rely on strong customer authentication ("SCA") under PSD2 for AML purposes. In particular, in the context of the establishment of a non-face-to-face business relationship, the identification requirements are deemed satisfied where the obliged entity receives a credit transfer to a payment account held in its name by the customer subject to SCA by the account servicing payment service provider. The above provision applies exclusively to the establishment of business relationships related to payment cards and similar instruments as well as to payment instruments based on telecommunication, digital or IT devices, except where such cards or instruments are used to generate the credentials to directly execute a credit transfer or direct debit to and from a payment account. The Bank of Italy is to issue implementing rules aimed at better defining the scope of this new provision.
- Digital identity: again in the context of on-line KYC, the Decree introduced amendments aimed at aligning the identity assurance level required for relying on the Italian digital public identity ("SPID") and the digital identity pursuant to Regulation (EU) No. 910/2014 ("eIDAS Regulation") for AML purposes to the definitions set out under the eIDAS Regulation.
- Identification data&ID: the ID details (e.g. number, issuance and expiration date) are no longer included in the definition of "identification data" that obliged entities must obtain from natural persons in the context of the KYC. Moreover, the verification of the data of the client on the basis of a valid ID is not always necessary (e.g. in case of a digital identity) unless there are doubts.
For further information on the Italian on-line KYC regime please see our previous insight COVID-19 and on-line KYC: an Italian picture.
Next steps
The Decree entered into force on 17 July 2020. It should be converted into law by 14 September 2020. In the context of the conversion into law, the Decree may be subject to amendments.
[View source.]